Network Information Services (NIS) is the same thing as Sun Yellow Pages

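Overview:

    NIS mainly provides user accounts, passwords, home directory names, UIDs and similar information, but NIS does not provide a file system. NIS also uses the RPC service.

    Because of the nature of the service, the data an NIS server provides needs to be kept in database files that are fast to transfer, read and write.

    An NIS server can use a Master/Slave architecture, with two machines working at the same time.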

    

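Data provided by the NIS server:
/etc/passwd
/etc/group
/etc/hosts
/etc/services----the port that each service uses
/etc/protocols---the basic TCP/IP packet protocols
/etc/rpc---------the program number of each RPC service
/var/yp/ypservers---the database provided by the NIS service

NIS workflow:
1. The account, password and related files are built into database files
2. The Slave synchronizes its database with the Master
3. The NIS Client checks the local account and password files first, then the remote database files.

Related software:
yp-tools: provides the NIS query commands
ypbind: NIS Client
ypserv: NIS Server
rpcbind: RPC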

 

[root@Centosszm ~]# rpm -qa | grep ^yp
ypbind-1.20.4-29.el6.i686
yp-tools-2.9-10.el6.i686

NIS-related configuration files:
1./etc/ypserv.conf
2./etc/hosts: hostnames
3./etc/sysconfig/network: specifies the NIS domain
4./var/yp/Makefile: control file for the operations that build the databases

 

NIS-related programs and commands:
1./usr/sbin/ypserv
2./usr/sbin/rpc.yppasswdd---handles password changes
3./usr/lib64/yp/ypinit---the command that builds the databases
  /usr/lib/yp/ypinit
4./usr/bin/yppasswd---changes a password

NIS Server configuration:
1. Set the NIS domain name:

[root@Centosszm ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=Centosszm.test.com
NISDOMAIN=vbirdnis
YPSERV_ARGS="-p 1011"    # fix the port so that firewall rules can be written for it

Setting the NIS domain name temporarily:
[root@Centosszm ~]# nisdomainname
[root@Centosszm ~]# ypdomainname
[root@Centosszm ~]# domainname

These three commands all do the same thing.

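2. Main configuration file:

[root@Centosszm ~]# grep  -v '^[#]' /etc/ypserv.conf
dns: no    # do not use DNS
files: 30  # 30 databases are read into memory
xfr_check_port: yes   # the port used for synchronizing with the Slave must be below 1024
127.0.0.0/255.255.255.0    : *       : *        : none
192.168.179.0/24           : *       : *        : none
*                          : *       : *        : deny

Rule format: IP : NIS domain : name of the database (map) that may be used : security restriction (none, port [<1024], deny)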
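
How the three access rules above resolve for a given client, as an added example that is not part of the original page. It assumes ypserv tries the rules in file order and the first match decides, which is what the closing deny line relies on; parse_rules, decide and STRICTER_RULES are names made up for this illustration.

```python
import ipaddress

# The three access rules from the ypserv.conf listing above.
PAGE_RULES = """\
127.0.0.0/255.255.255.0    : *       : *        : none
192.168.179.0/24           : *       : *        : none
*                          : *       : *        : deny
"""
# Constructed variant: passwd.byname is only served to privileged source ports.
STRICTER_RULES = "192.168.179.0/24 : * : passwd.byname : port\n" + PAGE_RULES


def parse_rules(text):
    """Parse host:domain:map:security lines; options such as 'dns: no' are skipped."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) != 4:
            continue
        host, domain, mapname, security = fields
        net = None if host == "*" else ipaddress.ip_network(host, strict=False)
        rules.append((net, domain, mapname, security))
    return rules


def decide(rules, client_ip, src_port, domain, mapname):
    """Assumption: rules are tried in file order and the first match decides."""
    ip = ipaddress.ip_address(client_ip)
    for net, r_domain, r_map, security in rules:
        if net is not None and ip not in net:
            continue
        if r_domain not in ("*", domain) or r_map not in ("*", mapname):
            continue
        if security == "none":
            return "allow"
        if security == "port":          # allowed only from a source port below 1024
            return "allow" if src_port < 1024 else "deny"
        return "deny"
    return "no-match"


if __name__ == "__main__":
    page, strict = parse_rules(PAGE_RULES), parse_rules(STRICTER_RULES)
    print(decide(page, "192.168.179.137", 40000, "vbirdnis", "passwd.byname"))    # allow
    print(decide(page, "127.0.1.1", 40000, "vbirdnis", "passwd.byname"))          # deny
    print(decide(strict, "192.168.179.137", 40000, "vbirdnis", "passwd.byname"))  # deny
    print(decide(strict, "192.168.179.137", 900, "vbirdnis", "passwd.byname"))    # allow
```

With the page's rules, any host in 192.168.179.0/24 can read passwd.byname from an unprivileged port; the constructed port rule limits that map to source ports below 1024. The loopback rule uses a /24 mask, so 127.0.1.1 falls through to the final deny.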

3. Set up the hostname-to-IP mapping:

[root@Centosszm ~]# cat /etc/hosts
192.168.179.7   Centosszm.test.com      Centosszm       # Added by NetworkManager
127.0.0.1       localhost.localdomain   localhost
::1     Centosszm.test.com      Centosszm       localhost6.localdomain6 localhost6
192.168.179.88 szm.test.com

Remember to set this machine's own hostname.

[root@Centosszm ~]# hostname
Centosszm.test.com

4. Start all the related services:
[root@Centosszm ~]# grep -v '^[#]' /etc/sysconfig/yppasswdd
YPPASSWDD_ARGS="--port 1012"   # makes firewall configuration easier
[root@Centosszm ~]# /etc/init.d/ypserv start
Setting NIS domain name vbirdnis:                          [  OK  ]
Starting YP server services:                               [  OK  ]
[root@Centosszm ~]# /etc/init.d/yppasswdd start     # lets clients change their passwords
Starting YP passwd service:                                [  OK  ]

Once RPC is running, do not restart it.

[root@Centosszm ~]# rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
......
    100004    2   udp   1011  ypserv
    100004    1   udp   1011  ypserv
    100004    2   tcp   1011  ypserv
    100004    1   tcp   1011  ypserv
    100009    1   udp   1012  yppasswdd

[root@Centosszm ~]# rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
 
5. Create the accounts and build the database:
[root@Centosszm ~]# useradd -u 1001 nisuser1
[root@Centosszm ~]# useradd -u 1002 nisuser2
[root@Centosszm ~]# useradd -u 1003 nisuser3
[root@Centosszm ~]# echo password | passwd --stdin nisuser1
Changing password for user nisuser1.
passwd: all authentication tokens updated successfully.
[root@Centosszm ~]# echo password | passwd --stdin nisuser2
Changing password for user nisuser2.
passwd: all authentication tokens updated successfully.
[root@Centosszm ~]# echo password | passwd --stdin nisuser3
Changing password for user nisuser3.
passwd: all authentication tokens updated successfully.
 
[root@Centosszm ~]# /usr/lib/yp/ypinit -m
 
At this point, we have to construct a list of the hosts which will run NIS
servers.  Centosszm.test.com is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  Centosszm.test.com
        next host to add:
The current list of NIS servers looks like this:

Centosszm.test.com       # check that the hostname is set correctly
 
Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/vbirdnis/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/vbirdnis'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/vbirdnis'
 
Centosszm.test.com has been set up as a NIS master server.
 
Now you can run ypinit -s Centosszm.test.com on all slave server.
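If an error occurs, for example because some file is missing, touch that file and run the command again. An error also occurs if ypserv is not registered.

If a user's password has changed, the database must be rebuilt and ypserv and yppasswdd restarted.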

 

6. Firewall settings:

[root@Centosszm ~]# iptables -A INPUT -i eth0 -p tcp -s 192.168.179.0/24 --dport 1011 -j ACCEPT
[root@Centosszm ~]# iptables -A INPUT -i eth0 -p udp -s 192.168.179.0/24 -m multiport --dport 1011,1012 -j ACCEPT

RPC's port 111 must be allowed through as well.

[root@Centosszm ~]# /etc/init.d/iptables save
 
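NIS Client setup:
Because the NIS Client looks up the local account information first, it is best to trim the client's own accounts and passwords down to just the system accounts, that is, accounts whose UID and GID are both below 500.

Which account data the NIS server writes into its databases is determined by the settings in the NIS Server's /var/yp/Makefile.

Software needed by the NIS Client:
ypbind        # communicates with ypserv
yp-tools

Configuration files used by the NIS Client:
1./etc/sysconfig/network      # NIS domain name
2./etc/hosts                  # hostname-to-IP mapping for the NIS server
3./etc/yp.conf                # main ypbind configuration file; it mainly specifies the NIS server
4./etc/sysconfig/authconfig   # governs which authentication mechanisms are allowed at login
5./etc/pam.d/system-auth      # NIS support must be added to the PAM modules
6./etc/nsswitch.conf          # lookup order for passwords

Commands for changing account parameters from an NIS client:
1./usr/bin/yppasswd           # change the password in the NIS database
2./usr/bin/ypchsh             # change the shell in the NIS database
3./usr/bin/ypchfn             # change some of the user's information

Starting the NIS Client: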
 
[root@szm ~]# setup
Starting rpcbind:                                          [  OK  ]
Starting NIS service:                                      [  OK  ]
Binding NIS service: .                                     [  OK  ]
 
 
[root@szm ~]# cat /etc/sysconfig/network
HOSTNAME=szm
NETWORKING=yes
NISDOMAIN=vbirdnis
 
 
[root@szm ~]# cat /etc/yp.conf
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
#       Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
#       Use  broadcast  on  the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
#       Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
#       Use server HOSTNAME for the  local  domain.  The
#       IP-address of server must be listed in /etc/hosts.
#
# broadcast
#       If no server for the default domain is specified or
#       none of them is rechable, try a broadcast call to
#       find a server.
#
domain vbirdnis server 192.168.179.7
 
 
[root@szm ~]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
 
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
 
passwd:     files nis
shadow:     files nis
group:      files nis
 
#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] nis dns
 
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
 
bootparams: nisplus [NOTFOUND=return] files
 
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
 
netgroup:   files nis
 
publickey:  nisplus
 
automount:  files nis
aliases:    files nisplus
 
 
 
Files to edit when configuring manually:
1./etc/sysconfig/network
2./etc/nsswitch.conf
3./etc/sysconfig/authconfig
4./etc/pam.d/system-auth
5./etc/yp.conf
 
 
1. Verify the database with yptest
[root@szm ~]# yptest
Test 1: domainname
Configured domainname is "vbirdnis"
 
Test 2: ypbind
Used NIS server: Centosszm.test.com
 
Test 3: yp_match
WARNING: No such key in map (Map passwd.byname, key nobody)
 
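 # No such entry in the database; this can be ignored. Early systems set nobody's UID to 65534, but CentOS makes nobody a system account with UID 99, so naturally it is not recorded.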
 
Test 4: yp_first
vbirduser1 vbirduser1:$6$h2rhHtw5$tMQbwjXMLOxjCTUZqKQ1NO0PxV2HngVmG9bdHG3pFy1hTEhCG1Xn3.RB0EdVcfbfwCUkrs1GCSpBlvQyBfCvV.:501:502::/home/vbirduser1:/bin/bash
 
Test 5: yp_next
vbirduser5 vbirduser5:$6$hzCqY1Ru$6sAjj9i2AHlyJVnovzhoxV4i974QeeEejiSIwgaqGO5yVrBMlI8hi0zovAF9.6HhGj/ctdGrhFN6oWk4.LkUy0:505:506::/home/vbirduser5:/bin/bash
vbirduser2 vbirduser2:$6$OS5Aawvh$2UZHWDST6kQaNsZCTDIRYMamwk0Rfbx4M5PEtDgLj0LcGCnQ.LLsh1oB/3AtVTRVCB1uTFYCg3qmJM8HlgbLp0:502:503::/home/vbirduser2:/bin/bash
szm szm::500:500:shenzhimin:/home/szm:/bin/bash
nisuser3 nisuser3:$6$ZYL.djFV$fY2rLiNH7FdanXLOKAoN3KjRhlF7uL5bOel3mzK3R2A3x0C6nG.qZmcipz0OnGhXgvq.KfR.rUWjKLH6tRnEn/:1003:1003::/home/nisuser3:/bin/bash
nisuser1 nisuser1:$6$O7afwe1f$gdghSa/C6jIzP.ALwqUZ8vEQriscir3ztsuLxAun3Yr3XrW8ruviCmUGZZCoFpzdTabicukFsx7CxFw30VA9u0:1001:1001::/home/nisuser1:/bin/bash
vbirduser3 vbirduser3:$6$6Y0aqnGy$9F.znmvPfsByGmN.Br90LCxbyD0IZxNI7uI95EVUVg2Bp9MRPLvFLkLvs2l7FmLOlp5H7DKHYx5e7F5/mmeGw0:503:504::/home/vbirduser3:/bin/bash
vbirduser4 vbirduser4:$6$Y5i39Vr0$QQFWj8FfxoKPrUbhkpbQ0m/NCy8Xgk91ZmUyjC.ffVzbjj.qcryX.ss2Ok27IqGcRBaUOwLN0e7ND..I5SEvv.:504:505::/home/vbirduser4:/bin/bash
nisuser2 nisuser2:$6$VPp4W0S9$eL9rFsICzmVXDKpEAu321CHt..bOPqQM83dE7tSdfuhp2fLsohUeivF.1.j1iyE39ad8Mfv2zg/Z3A7LjPfIO/:1002:1002::/home/nisuser2:/bin/bash
 
Test 6: yp_master
Centosszm.test.com
 
Test 7: yp_order
1364743886
 
Test 8: yp_maplist
protocols.bynumber
mail.aliases
hosts.byaddr
hosts.byname
rpc.byname
services.byname
netid.byname
group.byname
passwd.byuid
services.byservicename
group.bygid
rpc.bynumber
protocols.byname
ypservers
passwd.byname
 
Test 9: yp_all   # must list all account information on the NIS Server.
vbirduser1 vbirduser1:$6$h2rhHtw5$tMQbwjXMLOxjCTUZqKQ1NO0PxV2HngVmG9bdHG3pFy1hTEhCG1Xn3.RB0EdVcfbfwCUkrs1GCSpBlvQyBfCvV.:501:502::/home/vbirduser1:/bin/bash
vbirduser5 vbirduser5:$6$hzCqY1Ru$6sAjj9i2AHlyJVnovzhoxV4i974QeeEejiSIwgaqGO5yVrBMlI8hi0zovAF9.6HhGj/ctdGrhFN6oWk4.LkUy0:505:506::/home/vbirduser5:/bin/bash
vbirduser2 vbirduser2:$6$OS5Aawvh$2UZHWDST6kQaNsZCTDIRYMamwk0Rfbx4M5PEtDgLj0LcGCnQ.LLsh1oB/3AtVTRVCB1uTFYCg3qmJM8HlgbLp0:502:503::/home/vbirduser2:/bin/bash
szm szm::500:500:shenzhimin:/home/szm:/bin/bash
nisuser3 nisuser3:$6$ZYL.djFV$fY2rLiNH7FdanXLOKAoN3KjRhlF7uL5bOel3mzK3R2A3x0C6nG.qZmcipz0OnGhXgvq.KfR.rUWjKLH6tRnEn/:1003:1003::/home/nisuser3:/bin/bash
nisuser1 nisuser1:$6$O7afwe1f$gdghSa/C6jIzP.ALwqUZ8vEQriscir3ztsuLxAun3Yr3XrW8ruviCmUGZZCoFpzdTabicukFsx7CxFw30VA9u0:1001:1001::/home/nisuser1:/bin/bash
vbirduser3 vbirduser3:$6$6Y0aqnGy$9F.znmvPfsByGmN.Br90LCxbyD0IZxNI7uI95EVUVg2Bp9MRPLvFLkLvs2l7FmLOlp5H7DKHYx5e7F5/mmeGw0:503:504::/home/vbirduser3:/bin/bash
vbirduser4 vbirduser4:$6$Y5i39Vr0$QQFWj8FfxoKPrUbhkpbQ0m/NCy8Xgk91ZmUyjC.ffVzbjj.qcryX.ss2Ok27IqGcRBaUOwLN0e7ND..I5SEvv.:504:505::/home/vbirduser4:/bin/bash
nisuser2 nisuser2:$6$VPp4W0S9$eL9rFsICzmVXDKpEAu321CHt..bOPqQM83dE7tSdfuhp2fLsohUeivF.1.j1iyE39ad8Mfv2zg/Z3A7LjPfIO/:1002:1002::/home/nisuser2:/bin/bash
1 tests failed
 
2. Check the number of databases with ypwhich
[root@szm ~]# ypwhich -x
Use "ethers"    for map "ethers.byname"
Use "aliases"   for map "mail.aliases"
Use "services"  for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts"     for map "hosts.byname"
Use "networks"  for map "networks.byaddr"
Use "group"     for map "group.byname"
Use "passwd"    for map "passwd.byname"
These database files are stored on the NIS Server under /var/yp/vbirdnis/*
 
3. Read database contents with ypcat
[root@szm ~]# ypcat passwd.byname     # the -h option selects which NIS Server to query
vbirduser1:$6$h2rhHtw5$tMQbwjXMLOxjCTUZqKQ1NO0PxV2HngVmG9bdHG3pFy1hTEhCG1Xn3.RB0EdVcfbfwCUkrs1GCSpBlvQyBfCvV.:501:502::/home/vbirduser1:/bin/bash
vbirduser5:$6$hzCqY1Ru$6sAjj9i2AHlyJVnovzhoxV4i974QeeEejiSIwgaqGO5yVrBMlI8hi0zovAF9.6HhGj/ctdGrhFN6oWk4.LkUy0:505:506::/home/vbirduser5:/bin/bash
vbirduser2:$6$OS5Aawvh$2UZHWDST6kQaNsZCTDIRYMamwk0Rfbx4M5PEtDgLj0LcGCnQ.LLsh1oB/3AtVTRVCB1uTFYCg3qmJM8HlgbLp0:502:503::/home/vbirduser2:/bin/bash
szm::500:500:shenzhimin:/home/szm:/bin/bash
nisuser3:$6$ZYL.djFV$fY2rLiNH7FdanXLOKAoN3KjRhlF7uL5bOel3mzK3R2A3x0C6nG.qZmcipz0OnGhXgvq.KfR.rUWjKLH6tRnEn/:1003:1003::/home/nisuser3:/bin/bash
nisuser1:$6$O7afwe1f$gdghSa/C6jIzP.ALwqUZ8vEQriscir3ztsuLxAun3Yr3XrW8ruviCmUGZZCoFpzdTabicukFsx7CxFw30VA9u0:1001:1001::/home/nisuser1:/bin/bash
vbirduser3:$6$6Y0aqnGy$9F.znmvPfsByGmN.Br90LCxbyD0IZxNI7uI95EVUVg2Bp9MRPLvFLkLvs2l7FmLOlp5H7DKHYx5e7F5/mmeGw0:503:504::/home/vbirduser3:/bin/bash
vbirduser4:$6$Y5i39Vr0$QQFWj8FfxoKPrUbhkpbQ0m/NCy8Xgk91ZmUyjC.ffVzbjj.qcryX.ss2Ok27IqGcRBaUOwLN0e7ND..I5SEvv.:504:505::/home/vbirduser4:/bin/bash
nisuser2:$6$VPp4W0S9$eL9rFsICzmVXDKpEAu321CHt..bOPqQM83dE7tSdfuhp2fLsohUeivF.1.j1iyE39ad8Mfv2zg/Z3A7LjPfIO/:1002:1002::/home/nisuser2:/bin/bash
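
The ypcat output above carries the password field of every exported account to the client. The following check over such a dump is an added example, not part of the original page; audit_passwd_map and the sample records are constructed for the illustration, and the 500 threshold is the page's own boundary for system accounts.

```python
# Constructed sample in the format `ypcat passwd.byname` prints; the hash is a placeholder.
SAMPLE_MAP = """\
nisuser1:$6$SALTSALT$PLACEHOLDERHASH:1001:1001::/home/nisuser1:/bin/bash
emptypw::500:500:constructed:/home/emptypw:/bin/bash
shadowed:x:1004:1004::/home/shadowed:/bin/bash
daemonlike:*:99:99:constructed:/:/sbin/nologin
"""

CRYPT_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}   # crypt(3) "$id$" prefixes
NO_HASH = {"x", "*", "!", "!!"}                            # placeholder or locked values


def audit_passwd_map(text, min_uid=500):
    """Return (account, finding) pairs for a passwd-format map dump.

    min_uid=500 follows the page's statement that UIDs below 500 are system accounts.
    """
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                      # not a passwd-format line
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((name, "empty password field"))
        elif pw.startswith("$"):
            scheme = CRYPT_IDS.get(pw.split("$")[1], "unknown scheme")
            findings.append((name, "hash readable by clients (" + scheme + ")"))
        elif pw not in NO_HASH:
            findings.append((name, "hash readable by clients (legacy format)"))
        if uid.isdigit() and int(uid) < min_uid:
            findings.append((name, "system UID exported"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_passwd_map(SAMPLE_MAP):
        print(account + ": " + finding)
```

On a client, the input would be the saved output of ypcat passwd.byname.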
 
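Changing user parameters:
1. yppasswd: handles account information, and can also rebuild the password database and update the databases in sync
2. ypchfn: same as chfn
3. ypchsh: same as chsh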
 
[root@szm ~]# grep nisuser /etc/passwd

[root@szm ~]# su - nisuser1
su: warning: cannot change directory to /home/nisuser1: No such file or directory
-bash-4.1$
-bash-4.1$ yppasswd
Changing NIS account information for nisuser1 on Centosszm.test.com.
Please enter old password:
Changing NIS password for nisuser1 on Centosszm.test.com.
Please enter new password:
Please retype new password:
 
The NIS password has been changed on Centosszm.test.com.
 
Server database files:
[root@Centosszm ~]# ll /var/yp/vbirdnis/
total 2476
-rw-------. 1 root root   12659 Mar 31 23:31 group.bygid
-rw-------. 1 root root   12714 Mar 31 23:31 group.byname
-rw-------. 1 root root   12616 Mar 31 23:31 hosts.byaddr
-rw-------. 1 root root   12656 Mar 31 23:31 hosts.byname
-rw-------. 1 root root   13181 Mar 31 23:31 mail.aliases
-rw-------. 1 root root   13587 Mar 31 23:31 netid.byname
-rw-------. 1 root root   13696 Apr  1 14:03 passwd.byname
-rw-------. 1 root root   13648 Apr  1 14:03 passwd.byuid
-rw-------. 1 root root   29330 Mar 31 23:31 protocols.byname
-rw-------. 1 root root   14670 Mar 31 23:31 protocols.bynumber
-rw-------. 1 root root   16431 Mar 31 23:31 rpc.byname
-rw-------. 1 root root   14243 Mar 31 23:31 rpc.bynumber
-rw-------. 1 root root  827760 Mar 31 23:31 services.byname
-rw-------. 1 root root 1654865 Mar 31 23:31 services.byservicename
-rw-------. 1 root root   12382 Mar 31 23:31 ypservers
 
[root@Centosszm ~]# tail -1 /var/log/messages
Apr  1 14:03:47 Centosszm rpc.yppasswdd[2417]: update nisuser1 (uid=1001) from host 192.168.179.137 successful.
 
PC Cluster:
http://linux.vbird.org/linux_server/0600cluster.php